// Copyright 2021 The LUCI Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package dscursor

import (
	"context"

	"go.chromium.org/luci/common/pagination"
	"go.chromium.org/luci/gae/service/datastore"
	"go.chromium.org/luci/server/secrets"
)

// Vault is a utility type that can convert datastore.Cursor to/from an
// encrypted, URL safe page token. It uses AEAD to ensure that
// 1. potential sensitive information contained in the cursor is not leaked.
// 2. user can not use a page token that is not generated by the server.
type Vault struct {
	additionalData []byte
}

// PageToken converts a datastore.Cursor to an encrypted, URL safe page token.
func (v *Vault) PageToken(ctx context.Context, cursor datastore.Cursor) (string, error) {
	if cursor == nil {
		return "", nil
	}

	return secrets.URLSafeEncrypt(ctx, []byte(cursor.String()), v.additionalData)
}

// Cursor converts a page token to a datastore.Cursor.
// Returns pagination.ErrInvalidPageToken if the token is malformed or can't be
// decrypted and secrets.ErrNoPrimaryAEAD if the encryption key is not
// configured.
func (v *Vault) Cursor(ctx context.Context, pageToken string) (datastore.Cursor, error) {
	if pageToken == "" {
		return nil, nil
	}

	cursorString, err := secrets.URLSafeDecrypt(ctx, pageToken, v.additionalData)
	switch err {
	case nil:
		// Continue
	case secrets.ErrNoPrimaryAEAD:
		return nil, err
	default:
		return nil, pagination.ErrInvalidPageToken
	}

	cursor, err := datastore.DecodeCursor(ctx, string(cursorString))
	if err != nil {
		return nil, pagination.ErrInvalidPageToken
	}
	return cursor, nil
}

const additionalDataPrefix = "common/pagination/dscursor:"

// NewVault creates a new page token vault with the specified additional data.
//
// Notes:
// * server/secrets module must be initialized with PrimaryTinkAEADKey during
// server start up.
// * The additionalData is used for encryption. Vaults used in different places
// should have different additional data.
func NewVault(additionalData []byte) Vault {
	// Copy the additional data to ensure that it can't be mutated once the
	// vault is initialized.
	ad := make([]byte, 0, len(additionalDataPrefix)+len(additionalData))
	ad = append(ad, additionalDataPrefix...)
	ad = append(ad, additionalData...)

	return Vault{
		additionalData: ad,
	}
}
